Matthew Caron | 6 Sep 2002 03:21

Duke Law gets $1 million

to examine recent copyright stuff. It was anonymous, too.

http://news.com.com/2100-1023-956637.html?tag=fd_top
--

-- 
I used to have nightmares about having script kiddies running rampant
on my network and not being able to catch them. I changed jobs, so now
the nightmares are different. 
I'd give anything to have the old ones again.
 ~~ Matt Caron ~~
Seth Johnson | 12 Sep 2002 22:53

Register: Intel's Share-Denial Scheme


> http://www.theregister.co.uk/content/3/27065.html

Where art thou Stuckists?
Intel reveals share denial PC scheme

By Andrew Orlowski in San Francisco
Posted: 11/09/2002 at 09:02 GMT

It was a schizophrenic Intel that faced the world at its
Developer Conference in San Jose yesterday. In the morning
keynote it touted its new multimedia "adaptor" platform,
with glossy lifestyle videos explaining how our "digital
media experience" would become "more convenient". 

In the afternoon it explained why it was embedding digital
certificates into the hardware - and a spokesman from
VeriSign Inc., which is partnering with Intel in this great
adventure, could hardly believe his luck. 

On Thursday, when most of the press will have departed, it
will host a session discussing a variety of share-denial
technologies being funded by, or developed in, Intel's labs.
These include our old favorite CPRM - incorporated into
DVD-Audio players from Panasonic (DMR-E20) and Pioneer
(DVR-3000) - along with DTCP (Digital Transmission Content
Protection, which encrypts air to ground, or cable
transmissions over FireWire) and HDCP (High Bandwidth Digital
Content Protection), which encrypts the display
transmissions from your computer to your monitor. 

Seth Johnson | 13 Sep 2002 02:41

Wired: "Squishy DRM"


(Forwarded from Digital Bearer Settlement List)

-------- Original Message --------
Date: Thu, 12 Sep 2002 13:50:14 -0400
From: "R. A. Hettinga" <rah <at> shipwright.com>

> http://www.wired.com/news/print/0,1294,55006,00.html

Digital Rights Outlook: Squishy
By Brad King

2:00 a.m. Sep. 12, 2002 PDT

Media companies are singing a new song that could be called
"Get Squishy With It."

The long-running debate over how much digital rights
management is too much has changed. Now it's about just how
much copy protection files should include, and media
companies believe they have the answer: squishy security.

"We need interoperable DRM products that allow people to
never feel the walls (of security)," said Ted Cohen, vice
president of new media at EMI, one of the five major music
labels.

It's not a new idea, but it's starting to resonate with
Congress. At a recent government hearing, Philip Bond,
undersecretary of commerce for technology, opened the debate

Evan Prodromou | 16 Sep 2002 03:28

Content Management Summit

Got this in my spam folder recently.

~ESP

----- Original Message ----- 
From: Venture Reporter 
To: sales <at> venturereporter.net 
Sent: Thursday, September 12, 2002 1:06 PM
Subject: Invite: Content Management Summit, Oct. 10th New York City

Dear Friends,

The online content business is doing fantastic.

Sound crazy? Perhaps. With advertising, online and off, taking it on the chin for the past two years, online
content sites have been shutting down, laying off staff and pulling back on their offerings.

However, this horrible environment has resulted in an undeniable trend: content businesses are
challenging people to pay for content. Finally, after five years of free, people are beginning to
understand that online, as in the real world, you get what you pay for and they are taking out their credit
cards. U.S. consumers spent $675 million on paid online content last year, a 92 percent increase over 2000
spending levels, according to Online Publishers Association, and that figure is expected to increase
exponentially this year. Look at these success stories:

  a.. New York Times Digital has been steadily increasing its paid content services over the last year, and
registered a 16 percent increase in its total revenues for the latest quarter.
  b.. TheStreet.com brought over $3 million in subscriptions last quarter, an increase of almost 50 percent
over the year-ago quarter.
  c.. ConsumerReports.com will reach over a million paying subscribers by the end of this year.
  d.. RealNetworks' consumer multi-media subscription service has more than 750,000 subscribers,

Seth Johnson | 16 Sep 2002 18:19

Cryptogram: Palladium Only for DRM


(Forwarded from No DMCA in Canada list)

-------- Original Message --------
Subject: [d <at> DCC] a comment about Palladium in CryptoGraph
Date: Mon, 16 Sep 2002 11:57:13 -0400
From: Michael Richardson <mcr <at> sandelman.ottawa.on.ca>
To: No DMCA in Canada <canada-dmca-opponents <at> flora.org>

http://www.counterpane.com/crypto-gram.html

From: Niels Ferguson <niels <at> ferguson.net>
Subject: Palladium

Microsoft claims lots of benefits for Pd, some of which are
to allow Digital Rights Management (DRM).  However, most of
the benefits can already be achieved by existing hardware. 
All Intel CPUs since the 286 have had very good hardware
separation between tasks.  It is only Microsoft's choice not
to use this feature that has led to a single hunk of
inter-dependent code.

Intel CPUs can protect one program from the other.  You can
create secure device drivers which can no longer crash your
computer.  But, the basic operating system will always have
full control of the computer.  So you can protect programs
from each other, and the user from malicious programs, but
the user always maintains complete control over his machine.

What Pd adds is to take control away from the user.  It

AARG!Anonymous | 16 Sep 2002 19:51

Re: Cryptogram: Palladium Only for DRM

Niels Ferguson writes:

> What Pd adds is to take control away from the user.  It "allows" the
> user to give up part of his control over the machine, and give it to a
> program.  This is of course required for DRM, but I cannot really think
> of any other application.  They talked about some things like banking
> software, but that is just silly.  We have perfectly good cryptography to
> handle those threats, and using Pd for banking would be very dangerous.
> After all, the Pd chip isn't protected against physical attacks, so you
> have to trust the owner of the computer anyway.

One likely use of Pd for banking software would be to use the "secure
vault" to lock up account number and password information.  This would
ensure that no other software than the banking client could access this
data, so that if you got a virus it would not be able to empty your
banking account.  And if the virus infected the banking client software
itself, that would change its hash which would keep it from being able
to access the data.

Also, Palladium's attestation feature can be used to let the remote bank
server check that the local client is clean and uninfected.  This will
catch the case where a virus infects the client before it initially
creates the "vault".

Contrary to Niels Ferguson's comments, these kinds of applications
are far from silly.  As we move into an era where more individuals use
electronic banking systems, we face the risk that viruses can inflict
serious financial costs on their victims.  The next Nimda could empty
your bank account and transfer its entire contents irreversibly to an
overseas server.  Given this threat, the defenses above seem not only

Niels Ferguson | 16 Sep 2002 21:47

Re: Cryptogram: Palladium Only for DRM

Dear all,

Well, it is kind of silly to argue with someone anonymous who doesn't even
provide a return address, but his or her arguments exactly reflect the
erroneous arguments for Pd.

Before we continue, I should state that all I know of Pd is based on the
presentation at the rump session of Crypto 2002 and the following
discussion with several Microsoft employees.

At 10:51 16/09/02 -0700, AARG! Anonymous wrote:
>Niels Ferguson writes:
>
>> What Pd adds is to take control away from the user.  It "allows" the
>> user to give up part of his control over the machine, and give it to a
>> program.  This is of course required for DRM, but I cannot really think
>> of any other application.  They talked about some things like banking
>> software, but that is just silly.  We have perfectly good cryptography to
>> handle those threats, and using Pd for banking would be very dangerous.
>> After all, the Pd chip isn't protected against physical attacks, so you
>> have to trust the owner of the computer anyway.
>
>One likely use of Pd for banking software would be to use the "secure
>vault" to lock up account number and password information.  This would
>ensure that no other software than the banking client could access this
>data, so that if you got a virus it would not be able to empty your
>banking account.  And if the virus infected the banking client software
>itself, that would change its hash which would keep it from being able
>to access the data.


Perry E. Metzger | 16 Sep 2002 22:32

Re: Cryptogram: Palladium Only for DRM


AARG!Anonymous <remailer <at> aarg.net> writes:
> One likely use of Pd for banking software would be to use the "secure
> vault" to lock up account number and password information.  This would
> ensure that no other software than the banking client could access this
> data,

That's what an MMU and file permissions are for. Palladium isn't
needed for such a thing.

> so that if you got a virus it would not be able to empty your
> banking account.

Why not simply design the OS so it is not a likely victim for viruses?
This is a general security problem, not one special to banking
operations. My own machine doesn't seem to get viruses -- but then
again it doesn't run Windows. Funny, that.

(And before you mention the current worm infecting Linux apache sites,
that's also caused by bad design, not a problem that requires
hardware to fix.)

> And if the virus infected the banking client software
> itself, that would change its hash which would keep it from being able
> to access the data.

There are patches to NetBSD that happily prevent a program that does
not have a particular hash from executing, and similar code for
several other OSes I've seen. We need no hardware to do this. On the
other hand, who needs hash functions when an ordinary user can't alter

Sam Simpson | 16 Sep 2002 23:37

Re: Cryptogram: Palladium Only for DRM


On 16 Sep 2002, Perry E. Metzger wrote:

> AARG!Anonymous <remailer <at> aarg.net> writes:

<SNIP>

> > And if the virus infected the banking client software
> > itself, that would change its hash which would keep it from being able
> > to access the data.
>
> There are patches to NetBSD that happily prevent a program that does
> not have a particular hash from executing, and similar code for
> several other OSes I've seen.

Even Windows (NT/2k/XP) can implement this functionality using AppSense
Application Manager (see e.g.
http://www.appsense.com/content/software_solutions/application_manager/application_manager.asp
).

<SNIP>

Rgds,

Sam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo <at> wasabisystems.com


Seth Johnson | 17 Sep 2002 03:10

Invite: White House Town Hall to Secure Cyberspace


(Forwarded from Interesting People list)

-------- Original Message --------
Subject: [IP] You are invited to attend a  White House Town
Date: Mon, 16 Sep 2002 19:56:12 -0400
From: Dave Farber <dave <at> farber.net>
To: ip <ip <at> v2.listbox.com>

You are invited to attend a

White House Town Hall Meeting
Regarding the National Strategy to Secure Cyberspace

To be held at the University of Pennsylvania
October 3, 2002, 7:00 pm to 9:00 pm

Annenberg Center

Zellerbach Theatre
3680 Walnut Street
Philadelphia, PA 19104

This Town Hall Meeting is held at the behest of the
President's Critical Infrastructure Protection Board

The purpose of this Town Hall Meeting is to:

· raise awareness about the importance of cybersecurity to
our national security, our economic well-being, and our